The Ransomware Attack Isn't Over: Here's How to Protect Yourself
If your computer's running on Microsoft
Here's why: in case you haven't heard, hackers exploited a vulnerability in older Microsoft Windows servers to execute a large-scale global cyberattack on Friday using
Thus far, at least 200,000 computers have been infected in more than
, leaving everything from businesses and governments to academic institutions, hospitals and ordinary people affected.
How it works
The malware, which "spreads like a worm," is transmitted through a phishing email containing a compressed, encrypted file. Since the file is encrypted, security systems do not identify the ransomware, called Wanna Decryptor, until after it is downloaded. Wanna Decryptor, a next-gen version of the WannaCry ransomware, gains access to a given device once the malware-filled file is downloaded: it then encrypts data, locks down the system and demands ransom.
Ransomware does not typically work this quickly. But thanks to a stolen NSA cyber-weapon called EternalBlue, which was
last month by a hacking group known as the "Shadow Brokers," the malware spread rapidly by exploiting a security flaw in Microsoft Windows servers.
What users need to do
Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were, and still are, left exposed to the hack.
In light of the attack, Microsoft rolled out patches to protect older versions of Windows that "no longer receive mainstream support" from the company like Windows XP, Windows 8, and Windows Server 2003. Those running on Windows 10 are fine, as their software is not vulnerable to this particular cyberattack. Devices that are potentially susceptible are Windows 7 and Windows Server 2008, and earlier operating systems.
Microsoft recommends users upgrade to
and install the security update
. With the
Windows Defender Antivirus
detects the malware as Ransom:Win32/WannaCrypt. The company also recommends
for businesses and
Office 365 Advanced Threat Protection
for blocking emails carrying malware.
The U.S. Computer Emergency Readiness Team (CERT)
on how users can best protect themselves from the recent WannaCry ransomware threat. In addition to being "particularly wary of compressed or ZIP file attachments," CERT recommends using caution when clicking directly on links in email even if the sender is someone you know. They suggest trying to independently verify web addresses.
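The delivery method described under "How it works" and CERT's warning about compressed attachments both point at the same check: a mail filter cannot scan inside an encrypted archive, but it can see that the archive is encrypted and hold the message for review. The following is an added example, not code from Microsoft or CERT; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # bit 0 of a ZIP entry's general-purpose flags: entry is encrypted


def encrypted_zip_attachments(raw_email):
    """Return filenames of ZIP attachments a scanner cannot inspect
    (encrypted entries, or an archive too malformed to list)."""
    flagged = []
    for part in message_from_bytes(raw_email).walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        # Trust the file signature, not the extension or declared MIME type.
        if not data or not data.startswith(b"PK\x03\x04"):
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(e.flag_bits & ENCRYPTED_FLAG for e in zf.infolist()):
                    flagged.append(name)
        except zipfile.BadZipFile:
            flagged.append(name)  # unreadable archive: treat as uninspectable
    return flagged


def _sample_zip(encrypted):
    """Constructed sample archive. The stdlib cannot write encrypted ZIPs, so the
    encrypted variant only sets the flag bit in the central directory entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        cd = data.rfind(b"PK\x01\x02")  # central directory header
        data[cd + 8] |= ENCRYPTED_FLAG  # flags field sits at offset 8
    return bytes(data)


def build_sample_email():
    """Constructed message with one plain and one 'encrypted' ZIP attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name, enc in (("plain.zip", False), ("locked.zip", True)):
        msg.add_attachment(_sample_zip(enc), maintype="application",
                           subtype="zip", filename=name)
    return msg.as_bytes()
```

Encrypted archives also have legitimate uses, so a hit is a reason to quarantine and verify with the sender, not proof of malware.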
What happens if you don't take protective measures?
Even if you don't actively download the file from a phishing email, your device could be at risk: the ransomware also spreads through file-sharing systems on networks. Microsoft
that the worm-like functionalities of the ransomware infect "unpatched Windows machines in the local network" and "executes massive scanning on Internet IP addresses to find and infect other vulnerable computers."
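The scanning behaviour Microsoft describes leaves a recognisable trace in network logs: one machine suddenly contacting many different hosts on the Windows file-sharing port. The following is an added example of that detection, not code from Microsoft; it assumes the file-sharing traffic is SMB on TCP port 445, and the log format, thresholds and sample records are constructed for illustration.

```python
from collections import Counter, defaultdict


def smb_fanout(lines, window_s=60, port=445):
    """For each source IP, return the peak number of distinct destinations it
    contacted on `port` within any `window_s`-second window.
    Each line is 'epoch_seconds src_ip dst_ip dst_port' (constructed format)."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = line.split()
        if int(dport) == port:
            per_src[src].append((int(ts), dst))
    peak = {}
    for src, events in per_src.items():
        events.sort()
        seen, start, best = Counter(), 0, 0
        for ts, dst in events:
            seen[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while events[start][0] <= ts - window_s:
                old = events[start][1]
                seen[old] -= 1
                if not seen[old]:
                    del seen[old]
                start += 1
            best = max(best, len(seen))
        peak[src] = best
    return peak


def suspected_scanners(lines, threshold=20, **kwargs):
    """Sources whose peak fan-out meets the (assumed) alert threshold."""
    return sorted(s for s, n in smb_fanout(lines, **kwargs).items() if n >= threshold)


def build_sample():
    """Constructed flow records covering four kinds of host."""
    flows = []
    # Worm-like: 30 distinct hosts on 445 within 30 seconds.
    flows += [f"{1000 + i} 10.0.0.23 10.0.0.{100 + i} 445" for i in range(30)]
    # Normal client: the same two file servers, repeatedly.
    flows += [f"{1000 + 5 * i} 10.0.0.5 10.0.0.{10 + i % 2} 445" for i in range(12)]
    # Busy web client: many destinations, but not on the file-sharing port.
    flows += [f"{1000 + i} 10.0.0.7 203.0.113.{i + 1} 443" for i in range(40)]
    # Slow sweep: one new host every two minutes stays under a 60 s window.
    flows += [f"{1000 + 120 * i} 10.0.0.9 10.0.1.{i + 1} 445" for i in range(25)]
    return flows
```

The slow sweep in the sample shows the limit of a short window: it touches 25 hosts but never more than one per minute, so a longer window or a daily distinct-destination count is needed to catch it.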
Infected devices will find the desktop background image replaced with a message, calling for the user to follow instructions until they reach the ransom screen. Here, there are two timers: one showing the amount of time left until files will be deleted and a second displaying time until the ransom will increase from $300.
At this point, people have two choices: pay up and hope their device is restored, or part ways with the contents of their computer. The U.S. government
not paying ransoms, as shelling out money does not guarantee the data will be recovered and succumbing to cybercriminals may encourage future attacks. But that's easier said than done when it's your own files that have been hijacked.
Wasn't the ransomware stopped?
On Friday evening, the outbreak was slowed by the unintentional finding of a "
" located in the code of the malicious software. The discovery was made by a U.K.-based cybersecurity researcher who only identifies themselves as
While this stopped the malware from spreading, the masterminds behind the attack can easily modify the code to get the ball rolling again. Since Friday, two new variations of the malware have been detected. As such, it remains imperative for people to protect their computers.
How common is ransomware?
More common than you'd think. NPR reports that 40 percent of spam emails last year contained ransomware attachments. And the ransomware-related extortion industry is growing. In 2015, ransomware victims reported $24 million in total annual costs (e.g. ransom, tech support, security software), Reuters reported last year. In just the first three months of 2016, the reported expenses were already at $209 million.
General, good-sense advice: remotely back up your files on a regular basis. This way you'll never have to give in to a ransomware request if and when your device is compromised. And, of course, always stay up-to-date with your computer's software.